author | Mark Sapiro <mark@msapiro.net> | 2021-11-12 15:23:52 -0800 |
---|---|---|
committer | Mark Sapiro <mark@msapiro.net> | 2021-11-12 15:23:52 -0800 |
commit | 9741161c4d404a1364c701813b77f81779d7f6a5 (patch) | |
tree | ca043396260744cafcb218d92b858e1d7f0dc9c2 | |
parent | d9e523199b4203dfeddfe2d8b03524ccf9fdf4a3 (diff) | |
Fix admindb for list with no mod password.
-rw-r--r-- | Mailman/CSRFcheck.py | 2 | ||||
-rw-r--r-- | Mailman/Cgi/admindb.py | 3 | ||||
-rw-r--r-- | NEWS | 6 |
3 files changed, 9 insertions, 2 deletions
diff --git a/Mailman/CSRFcheck.py b/Mailman/CSRFcheck.py
index 24e3e11b..4505f9d4 100644
--- a/Mailman/CSRFcheck.py
+++ b/Mailman/CSRFcheck.py
@@ -45,7 +45,7 @@ def csrf_token(mlist, contexts, user=None):
 for context in contexts:
 key, secret = mlist.AuthContextInfo(context, user)
- if key:
+ if key and secret:
 break
 else:
 return None # not authenticated
diff --git a/Mailman/Cgi/admindb.py b/Mailman/Cgi/admindb.py
index 32b0be76..45ba6492 100644
--- a/Mailman/Cgi/admindb.py
+++ b/Mailman/Cgi/admindb.py
@@ -59,7 +59,8 @@ if mm_cfg.DISPLAY_HELD_SUMMARY_SORT_BUTTONS in (SSENDERTIME, STIME):
 else:
 ssort = SSENDER
-AUTH_CONTEXTS = ((mm_cfg.AuthListModerator,))
+AUTH_CONTEXTS = (mm_cfg.AuthListModerator, mm_cfg.AuthListAdmin,
+ mm_cfg.AuthSiteAdmin)
@@ -5,6 +5,12 @@ Copyright (C) 1998-2020 by the Free Software Foundation, Inc.
 Here is a history of user visible changes to Mailman.
+2.1.37 (12-Nov-2021)
+
+ Bug Fixes and other patches
+
+ - A bug in the fix for CVE-2021-43332 has neen fixed. (LP: #1950833)
+
 2.1.36 (12-Nov-2021)
 Security |
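Review bot: The trailing comment on the for-else branch in csrf_token(), `# not authenticated`, no longer covers every way that branch is reached: with `if key and secret:` the loop also falls through when a context yields a key but no secret, which is presumably the no-moderator-password case this commit targets. I would reword it to `# no context has a usable secret` and add a line above the test, `# Never derive a token from an empty secret; skip contexts with no password set.` What AuthContextInfo returns for an unset password is not visible here, so confirm that the falsy test on `secret` covers it. The body of csrf_token starts and ends outside the hunk.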
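Review bot: The order of the entries in `AUTH_CONTEXTS` is now security-relevant, and nothing at the assignment says so. The loop shown in the CSRFcheck.py hunk stops at the first context that has both a key and a secret, so the moderator context has to stay first if the list-admin and site-admin secrets are meant to be used only as a fallback when no moderator password is set; that looks like the intent given the CVE-2021-43332 reference in NEWS, but it should be confirmed against the token verification code, which is not visible here. I would add a comment above the tuple, `# Order matters: csrf_token() uses the first context with a password set; keep moderator first so admin secrets are only a fallback.`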